Over the next few days, we will release patches to MazeRunner Enterprise Edition and Community Edition so that as a user, you will get these new honeypots automatically. If your MazeRunner instance is not connected to the Internet, contact us directly to receive a download link for the patches.

Technical notes:

The Python open source honeypots will run well, but will not actually make your system vulnerable to the CVE, and may need to be modified slightly to include reporting capabilities, etc., as they are running outside of MazeRunner

The honeypots are based on Python’s built-in HTTP server, plus custom code to detect the specific exploits

Interesting note:

Even while developing honeypots, one must be careful with secure development. With the Oracle MICROS PoS, we unintentionally coded a directory traversal vulnerability on our own in the initial coding. Of course, it was caught and fixed in short order, but we wanted to share. It gave us an extra couple minutes of pure joy:

(To be clear: This vulnerability does not exist in the released code).

Credits: The honeypots were researched and developed by Omer Cohen and Imri Goldberg, and reviewed by Nadav Lev and Itamar Sher.